
[NEXT,v3] package/xerces: add enable network option

Message ID 20200520222850.55150-1-matthew.weber@rockwellcollins.com
State Accepted
Series [NEXT,v3] package/xerces: add enable network option | expand

Commit Message

Matt Weber May 20, 2020, 10:28 p.m. UTC
From: Jared Bents <jared.bents@rockwellcollins.com>

Update to add the option to compile xerces with network
enabled by default so it can be unselected to compile
without network support.

When network support is enabled, the Network Accessor feature
decodes schema URLs and, if they do not refer to localhost
or local files, opens a stream (socket) session with
the remote server. In an embedded setting, having the option to
disable this allows:
 * cleaner audit logging
 * smaller security attack surface
 * fewer library dependencies
 * no behind-the-scenes failed session attempts

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>

---
Changes
v2 -> v3
 - updated description of what an option like this is needed
 - dropped the bool syntax for setting the value to off after
   testing that it isn't required
---
 package/xerces/Config.in | 10 ++++++++++
 package/xerces/xerces.mk |  4 ++++
 2 files changed, 14 insertions(+)

Patch

diff --git a/package/xerces/Config.in b/package/xerces/Config.in
index 2edc4346b5..a9b102bd5e 100644
--- a/package/xerces/Config.in
+++ b/package/xerces/Config.in
@@ -6,5 +6,15 @@  config BR2_PACKAGE_XERCES
 
 	  http://xerces.apache.org/xerces-c/
 
+if BR2_PACKAGE_XERCES
+
+config BR2_PACKAGE_XERCES_ENABLE_NETWORK
+	bool "Enable network support"
+	default y
+	help
+	  Enable network support in xerces
+
+endif
+
 comment "xerces-c++ needs a toolchain w/ C++, wchar"
 	depends on !(BR2_INSTALL_LIBSTDCPP && BR2_USE_WCHAR)
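Review bot: The help text for `BR2_PACKAGE_XERCES_ENABLE_NETWORK` says only "Enable network support in xerces", which gives someone hardening an image no reason to turn it off, even though the option defaults to `y`. The commit message already holds the useful detail, namely that with the option on the Network Accessor opens connections to remote servers named in schema URLs. I would carry that into the help, e.g. `When enabled, the parser may fetch schemas referenced by remote URLs (via libcurl if selected, otherwise plain sockets). Say N to remove this code and reduce the attack surface.` It may also be worth one more help line stating that this presumably leaves resolution of local files untouched, so applications that parse untrusted XML still have to restrict external entity and DTD loading themselves.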
diff --git a/package/xerces/xerces.mk b/package/xerces/xerces.mk
index c75a8b0d35..ae42b1e62f 100644
--- a/package/xerces/xerces.mk
+++ b/package/xerces/xerces.mk
@@ -31,12 +31,16 @@  XERCES_CONF_ENV += LIBS=-liconv
 XERCES_DEPENDENCIES += libiconv
 endif
 
+ifeq ($(BR2_PACKAGE_XERCES_ENABLE_NETWORK),y)
 ifeq ($(BR2_PACKAGE_LIBCURL),y)
 XERCES_CONF_OPTS += -Dnetwork-accessor=curl
 XERCES_DEPENDENCIES += libcurl
 else
 XERCES_CONF_OPTS += -Dnetwork-accessor=socket
 endif
+else
+XERCES_CONF_OPTS += -Dnetwork=OFF
+endif
 
 ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
 XERCES_CONF_OPTS += -Dthreads=ON
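Review bot: The enabled branch of the new `BR2_PACKAGE_XERCES_ENABLE_NETWORK` conditional never sets the `network` option itself, so whether networking is built in depends on the upstream CMake default, while the disabled branch sets it explicitly. Adding `XERCES_CONF_OPTS += -Dnetwork=ON` as the first line of the enabled branch would make both outcomes explicit and keep the build stable if upstream ever changes its default. The fallback also deserves a comment, e.g. `# no libcurl: built-in socket accessor (appears to be plain HTTP only, confirm)`, because the accessor chosen decides whether remote schemas can be fetched over TLS at all. The threads conditional that follows continues outside the hunk.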